All our security professionals have received individual certifications from EC-Council, the industry recognised training body for InfoSec and Cyber Security.
The cyber security landscape is complex. A reliable pair of hands can help ensure your Information Technology and Electronic Infrastructure is free of unwanted vulnerabilities, and you and your team are aware of the potential risks.
Vipac’s Cybersecurity team are trained and accredited to perform Vulnerability Assessments and Penetration Tests, ensuring your security policies are adhered to, and your perimeter is free of potential attack vectors. We can tailor a solution to assist with compliance for a range of international standards and regulations.
To find out more see a list of common assessments below or contact our Cybersecurity team today.
External vulnerability assessments (read more...)
This assessment provides understanding of the vulnerabilities at the network perimeter. i.e. vulnerabilities a malicious hacker on the Internet might find and exploit. It will provide a list of risks sorted by criticality, with recommendations for mitigation or avoiding the risk altogether. This can include website security checks.
Internal vulnerability assessments (read more...)
This assessment provides understanding of vulnerabilities within a network. i.e. vulnerabilities that could be exploited by a disgruntled employee, or a compromised employee workstation. It will provide a list of risks sorted by criticality, with recommendations for mitigation or avoiding the risk altogether. We can also perform an assessment of the security of any wireless networks available on-site. We offer white, grey or black box testing.
Penetration tests (read more...)
A penetration test takes the findings from the vulnerability assessment, and attempts to exploit the vulnerabilities. This test confirms the veracity of the vulnerability assessment, and also can provide insight into further vulnerabilities exposed by access to the exploited machine.
Social engineering tests (read more...)
Social engineering techniques are non-technical hacking methods, and can be used to validate the efficacy of security procedures and training. It usually involves interaction with your staff, acting as someone with authority in order to obtain otherwise inaccessible information or network access. This can include: a phone call to a staff member posing as an IT technician, a phone call to the IT helpdesk posing as a staff member, an email to a staff member posed as a valid correspondence but with an exploit payload, a visit to the site posing as a janitor/delivery/neighbour/etc to surreptitiously collect information in order to gain access.
